Text

WHITE PAPER SECURITY EVENT MITIGATION ASSESSMENT

[This version redacts information considered to be Security Sensitive]

May 2017

2 May 2017 Purpose This technical report provides a methodology for performing a Security Event Mitigation Assessment (SEMA). A SEMA is used to determine if credit may be given for the implementation of an operator action, or a mitigation action or strategy, in response to a physical attack on a nuclear power facility in order to prevent radiological sabotage. The methodology also evaluates potential credit for a tactical response needed to eliminate adversary interference so as to allow completion of a mitigation action or strategy.

Acceptable results from a SEMA will provide reasonable assurance that an operator action, or mitigation action or strategy, can be implemented during or following an attack; therefore, these results may be used to inform vulnerability assessments, and the evaluation of tactical response drills and force-on-force (FOF) exercises.

The performance of a SEMA by a licensee is voluntary. Operator actions already credited by a licensee in their site protective strategy and target sets are not required to be reevaluated using the methodology described in this document. Demonstration of an assessed operator action, or mitigation action or strategy, or support from a local law enforcement agency (LLEA) during routine tactical response drills or FOF exercises is optional, and performed at the licensees discretion.

=

Background===

In accordance with 10 CFR 73.55, Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage, a licensee must establish and maintain a physical protection program, to include a security organization, which will have as its objective to provide high assurance1 that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety. To satisfy this performance objective, the physical protection program must protect against the design basis threat of radiological sabotage as stated in § 73.1, and be designed to prevent significant core damage and spent fuel sabotage. In meeting these and related requirements, each licensee has established a site protective strategy and a performance evaluation program that periodically evaluates the effectiveness of the strategy. Licensees also interact with LLEAs to make arrangements for prompt threat response assistance.

With respect to a physical attack on a nuclear power plant, the objective of an adversary 1 The term high assurance is used here to reflect the current wording in 10 CFR 73.55. Where necessary to clarify the expected standard applicable to a SEMA element, all other references in this document use the term reasonable assurance to reflect the NRC Commission direction provided in Staff Requirements - SECY-16-0073 -

Options and Recommendations for the Force-on-Force Inspection Program in Response to SRM-SECY 0088.

3 May 2017 force is to produce significant core damage or spent fuel sabotage by preventing a combination of equipment and/or operator actions from performing their intended safety functions (i.e., a target set is compromised, destroyed, or rendered nonfunctional).

Following the loss of equipment and/or operator actions, some amount of time would elapse during which the fuel would heat-up to the point where there is non-incipient, non-localized fuel melting and/or core destruction, or a loss of spent fuel pool water inventory and exposure of spent fuel. If operators or other members of the plant staff can take certain actions or implement a mitigation strategy during this period, then the progression to fuel damage may be arrested and reversed. This period can thus be considered an available mitigation response time (i.e., the elapsed time between the loss of a target set and the onset of significant core damage or spent fuel sabotage).

In Staff Requirements - SECY-16-0073 - Options and Recommendations for the Force-on-Force Inspection Program in Response to SRM-SECY-14-0088, the NRC Commission directed the staff to assess the security baseline inspection program to identify potential improvements and efficiencies. The assessment was to include a determination whether crediting of operator actions, the use of FLEX equipment, or response by local, State, and Federal law enforcement would make FOF exercises more realistic. The SEMA methodology addresses the crediting of all three capabilities. Concerning operator actions and FLEX equipment, the SEMA methodology makes the following distinctions.

[REDACTED]

Availability of Personnel to Implement Actions or Strategies

[REDACTED]

In cases where the expected timeframes for the performance of two or more operator actions overlap, or there is a single operator action requiring tasks by two or more operators at separate locations, the licensee should determine that adequate staffing is available to perform the actions/tasks within the available timeframes defined by the assessment(s).

Definitions Key terms used in the SEMA methodology are defined below and illustrated in Attachment 1, Security Event Mitigation Assessment Overview.

[REDACTED]

4 May 2017 Methodology The SEMA methodology should be applied to a given action or strategy to determine if it can be credited as part of the response to a physical attack. Flowcharts of the methodology are illustrated in Attachment 2, SEMA for Evaluation of a Tactical Response Drill or FOF Exercise, and Attachment 3, SEMA for a Vulnerability Assessment. The performance of each assessment step should be documented in Attachment 4, Security Event Mitigation Assessment;2 the block numbers below correspond to the numbered blocks on the form.

As discussed below, several blocks will require the demonstration of certain actions or activities in order to collect data for use in an assessment (e.g., LLEA mission briefing, rehearsal and execution times). Once an action or activity has been completed, and the data recorded, subsequent demonstrations in routine tactical response drills or FOF exercises are optional, and performed at the licensees discretion. The SEMA methodology imposes no new requirement for the periodic demonstration of operator actions, mitigation actions or mitigation strategies, or support provided by LLEAs.

[REDACTED]

As identified in the block instructions, some SEMA data are subject to an increase of 10% (i.e.,

multiplied by 1.1) to account for event uncertainties and performance variability. This factor was determined through professional/engineering judgement and deemed to be reasonable for its intended use.

Block 1 - SEMA Identification Enter the applicable site and unit(s), and target set(s). Space is also provided for entry of a unique SEMA identification number or alpha-numeric term; this entry is optional but allows for easy reference of the assessment in other documents.

[REDACTED]

2 Attachment 4 is provided as an example; any hard copy or electronic format documenting the same information is acceptable. Steps/blocks may be reordered as needed for a particular application.

5 May 2017 Block 14 - Comments Enter comments as appropriate.

Review and Approval The completed assessment should receive an independent review and be approved using the requirements or standards normally applied to other target set-related documents.

Assignment of Actions and Strategies to Target Sets

[REDACTED]

Use of SEMA Results

[REDACTED]

Periodic Verification of Tactical Support Capabilities

[REDACTED]

Updates to a SEMA Assessment A SEMA should be updated to reflect new information that may impact the validity or results of the assessment. For example, an update may be required when there is a change to the plant configuration, target sets or LLEA capabilities.

6 May 2017 Security Event Mitigation Assessment Overview

[REDACTED]

Attack begins Elapsed time Onset of significant core damage or SF sabotage

7 May 2017 SEMA for Evaluation of a Tactical Response Drill or FOF Exercise Evaluation

[REDACTED]

8 May 2017 SEMA for a Vulnerability Assessment

[REDACTED]

9 May 2017 Security Event Mitigation Assessment (This Attachment is Safeguards Information when completed)

[REDACTED]